What is Mount Olympus. Well it is the chatroom for the web 2.0, for those of you that hold the values of this forum, of BBS, IRC, and such places....You can rest assure we hold them on Olympus as well.

Fine place to learn and grow. Where Lectures are given from many different hackers. Always something different, something very new.

Imagine a place, that is not just a chatroom, but a chat palace. Full of many room, each with their own interaction, sounds and sights.

A growing city of people that are, hackers, gamers, techies, and even those that are starting out in the tech learning, growing, having that real time conversation, a bit more personal than you would expect, but still very fun.

There is a admin from another site/forum again who visited Mount Olympus, and literally enjoyed himself with just the few of us there. He was from somewhere that is not the US, and well it was night time for him, and had to be up for work.

If there is one real drawback of right N O W, is that we lack people to make the community as effective as this one.

I do not want you to think of this as a hoax, but think back to the first time, you seen this website for the first time. Or any hacking website/security site for the first time as just a link. A L I N K. This place here was just a link when you first met it.

The admin here of course had to use a few compelling statements in hopes for you to select his LINK and move on in. And well, if you are reading this, you are one of many that clicked his link. In other words you took a chance, and here you are, several posts later, several threads even.

I hope I am compelling enough myself, not to take away from this community, but to give back to what the hacking community have given me. My contribution. Just like this site is the owners contribution.

Am I saying Mount Olympus is better than this site?

Not at all, infact I come here just as much too. I might be talking on Olympus, and then wanted to go research something while there, I may come here or to some other site for answers and lessons.

What I am trying to do is get you to click my link yes. But with the understanding that, as you do, you are about to enter the Matrix.

If you go there, come back and post that you have and tell me, and others what you think. It would be best if it is not just my word alone.

This sort of thing already exists. These places are called "IRC servers", and they aren't typically associated with horrible web design and downloading very shady looking windows-only clients. Virustotal is coming back as this being clean with all the different scanners, but I would advise no one to trust this.

The way you talk, there's already a lot of people there giving lectures and such. Give us some examples of what lectures people have given.

"The Palace" is a server-client graphical chat system with stylized, 3D character model avatars in a 3D environment. It's kinda silly and I don't expect its very secure, either.

I remember using this program about 4 or 5 years ago, and I found the entire experience to be really creepy and weird. Back then I don't remember a single avatar that looked like just a normal person, like somebody you'd just see on the street. They were all real stylized. There was a familiar pattern of the few girls who were around using real cutesy, anime-style avatars and the boys (I'm assuming they were teenagers), who made up like 90% of the population, would pick these really dark, broody or scary avatars. So when you entered a chat room or hangout space, you would see these strange groups of weirdos and comic-book characters standing around. A common sight would be something like a little girl in like a pink half-shirt and short shorts with bunny ears surrounded by a bunch of big monsters and vampires, ninjas in black, Conan the Barbarian types, mohican punk rockers, etc.

Not to rip on this guy or anything, but the whole thing seems like kind of a waste of bandwidth for something which is essentially a shittier version of WoW or Second Life with no gameplay and fewer options for interaction within the environment.

I don't get what this has to do with Web 2.0 at all, it looks like just a spam post trying to get people to join his group.

In the process of seeing if there are any known spyware components to this Palace Client software, I ran across some information on just how old and busted this is. The software he is asking you to download and try is an old version (3.5.0, from seven years ago!) and is known to be vulnerable to a very straightforward and easy-to-exploit stack overflow:

My original impression, in my first post in this thread is that the software was likely to be some sort of trojan, but this is almost worse. It's an easy way to 0wn participants, and still retain plausible deniability. Note that this version was chosen, even with a newer, version 3.6 available.

My advice would be to not trust it either. In the only sort of announcement of changes I can find, there is no mention of fixing the vulnerability. After reading about the vulnerability in <=3.5.0, I would say there's a very good chance the software is riddled with similar problems that are not currently documented.

BTW, this is not my first post. Just my last account I have seemed to have lost it several years back.

You are fearing silly things. I am just asking to check out my community. I am posting a link like many others are. If you have questions as to its stability you may ask. As for the vulnerability you are correct. I know what the vuln is, and have written a script to correct it.

All I am trying to do is ask for anyone that wishes to check out my community as well you may. Also the graphics are 2-d, not 3-d. Also there are no spyware to speak of. Never have been since 2000, when the software was bought out. Besides, i have re-modified the client to make it work with just the bare necessities. There are no dangers to speak of.

It is as safe as a forum.

Anyhow, I hope you guys reconsider your judgements. I am currently working on finding a stable mac os client. Well, also a live mac OS, so I may do some proper testing.

You are fearing silly things. I am just asking to check out my community. I am posting a link like many others are. If you have questions as to its stability you may ask. As for the vulnerability you are correct. I know what the vuln is, and have written a script to correct it.

Please fill us in on some details about this... I'm interested to see how you can write a script that prevents a stack overflow in the software's URL handler.

It is as safe as a forum.

This, I doubt. I would advise anyone thinking of trying this to read the advisory I have linked to above before believing this.

It installs a URL handler that anybody could attack you through. Javascript, a Flash redirect, or perhaps even a simple meta refresh to a crafted URL is all it would take for someone to exploit you once this is installed. The only thing keeping you safe is fact that most attackers are going to assume that people are smart enough not to run a 7 year old chat client with known vulnerabilities.

Alright for the last two posts. One good question, what is wrong with IRC. There is nothing wrong with it. What is wrong with forums, nothing is wrong with forums? What is wrong with chatrooms, nothing.

Now for the guy making note about the science of the vuln. Now, the thing is, I am not providing a installer. So that is one thing. Chances are your browser needs to point to it first of all.

Second of all just make sure your web browser do not point to a palace app, if it can still see the program without the installer.

My web browser asks me if I want to open palace with the link. I hope yours do the same. If the vuln is still scaring you, do what other people do and create your own client.

Obviously IRC has more than one Client, etc....Someone decided to make their own and share it, or some just made their own and keep it. You can do the same.

I just hope we have not forgotten about the spirit of this here post, that I am trying to share with you is that there is another community out there; with both a chatroom, and bulletinboard/forum. Obviously we can bash the chatroom, and leave out the bulletinboard/forum. Or can bash the bulletinboard/forum.

Or you could just bash them both. The idea is "another" community. Something for you to add.

Alright for the last two posts. One good question, what is wrong with IRC. There is nothing wrong with it. What is wrong with forums, nothing is wrong with forums? What is wrong with chatrooms, nothing.

Now for the guy making note about the science of the vuln. Now, the thing is, I am not providing a installer. So that is one thing. Chances are your browser needs to point to it first of all.

Second of all just make sure your web browser do not point to a palace app, if it can still see the program without the installer.

My web browser asks me if I want to open palace with the link. I hope yours do the same. If the vuln is still scaring you, do what other people do and create your own client.

Obviously IRC has more than one Client, etc....Someone decided to make their own and share it, or some just made their own and keep it. You can do the same.

I just hope we have not forgotten about the spirit of this here post, that I am trying to share with you is that there is another community out there; with both a chatroom, and bulletinboard/forum. Obviously we can bash the chatroom, and leave out the bulletinboard/forum. Or can bash the bulletinboard/forum.

Or you could just bash them both. The idea is "another" community. Something for you to add.

Anyhow, I hope to see you there.

It's not even making sure that your browser doesn't point to the malformed URL. Flash redirections and meta-refreshes don't exactly "prompt" you to go to the URL or not last I checked.

If you are insisting what I think you are in regards to the "making your own client thing", post the approved RFC of your chat client's foundation (or give us the code). Until you do either of those that argument is null and void.

Another community sure. But linking to a outdated and flawed client and saying it's "modified" (nothing more than some hex editing I would say...at most) is very very shady. You could've at least changed the version number to make it so the less intelligent ones on the forum wouldn't send up red flags in a google search.

In regards to the link being "safe" after a certain number of years passing it's supposed "popularity". That's a lie. A flaw is a flaw, and will always be a flaw. There will always be an exploit looking for that one guy who forgot to update his client, or that one guy who downloaded a malformed piece of software.

Also, I'm sure most of us here would like to see the code of your script and what language it's written in in regards to "fixing" the vuln. Last I checked "scripting" languages didn't have the low level capabilities of say...C...in terms of being able to modify or patch an .EXE. I could be wrong on that though. I'm a die-hard C++ zealot.

The old client could be a problem if someone actually clicked the link. Now, Phalanx has been totally redone by another team, which would nullify the palace link scare. I personally do not have the code or the SDK, I could I suppose if I wanted to make my own. I have considered it from time to time, but not really cared to go at it.